battlenet-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill requires connecting to an untrusted third-party MCP endpoint (https://rube.app/mcp). This source is not within the trusted scope and can provide arbitrary tools to the agent.
  • REMOTE_CODE_EXECUTION (HIGH): The use of RUBE_REMOTE_WORKBENCH allows for remote execution of tools and logic on an environment controlled by the rube.app service.
  • PROMPT_INJECTION (HIGH): Categorized as Indirect Prompt Injection (Category 8). Ingestion point: RUBE_SEARCH_TOOLS fetches tool schemas and plans from an external server. Capabilities: RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH allow the agent to perform actions based on those plans. Boundary markers and Sanitization: Absent. This allows the external server to influence agent behavior.
  • CREDENTIALS_UNSAFE (HIGH): The skill uses RUBE_MANAGE_CONNECTIONS to handle Battlenet authentication via a third-party proxy. Following auth links generated by an untrusted service can lead to session hijacking.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:57 AM